Mobile Access Single Server & Proxy

As I understand it Mobile Access Server acts as the reverse proxy for another server on your network. So to use Mobile Access Server you would need two Snow Leopard Servers, one on the edge of your network acting as the proxy and one internal that runs the services. I could be wrong but I think that's how it works.

I don't think so.
It should work with just on Server, which is running the proxy, too.

JO

I still have not found any documentation to definitely say one or two servers. Proxy Servers typically like and behave better as a stand-alone unit, but most can run on the same server. The documentation states that this is a reverse proxy server. Does this mean reverse only?

I should have my Xserve Tuesday, and I will be testing both a single server and dual server configuration. I will also be able to make a phone call to clarify some of these issues.

Full documentation is available in the Network Services Administration guide:
http://manuals.info.apple.com/enUS/NetworkSvcsv10.6.pdf

Chapter 9, "Working with Mobile Access Service", starting on p. 181 contains a richer explanation of the service, the benefits it provides, and when it may be useful to deploy.

The recommended configuration is a minimum of two servers, one acting as the proxy and the second (and others) acting as origin server(s). This configuration minimizes the exposure of the origin server to the Internet and avoids complicated networking setups which can lead to TCP port conflicts. A picture of the setup would help clarify this, so I have requested such for the next revision of the document.

It is important to note that SLS does NOT require a Mobile Access server.

So how do you connect to the mobile access server? It explains you connect via SSL but gives no details (path etc...). Any info is appreciated.

One of the reasons I upgraded to SLS was the impression that it could host mobile access. Now that I discover it requires two servers I feel that Apple's advertising was misleading.

Has anyone figured out how to do this with one server?

Not only have I not figured out how to do it with 1 server, I can't get it working with 2!!! That document that everyone references is complete crap...it should give concrete examples, with diagrams, etc. One example use case would be the proxy MAS in the DMZ, with public IP, proxying back to an internal server behind the firewall running all the important services (web,mail,cal,address book)...with exact examples of everything from each IP, hostname, port access, etc. Wouldn't be hard to write this, get on the stick Apple, geessh! Another use case could be both servers on the internal network. Another use case could be combining functions and doing it all on 1 server (if this is indeed possible and supported).

I work in IT, as an engineer for a software company, and the answers I seek are not out there in any form today. It is crazy that Snow Leopard has been out for 2 months and the Mobile Access Server for example is a complete black-hole. Come on Apple! If you want people to take you seriously over Microsoft servers, you need to document everything, and have helpful documented examples for people prior to launch. It's pathetic when people are paying 500 bucks after having paid 1000 for Leopard server just 1 year ago.

Below is what I did to get Mobile Access to work with 1 Server.

The link was simply https://subdomain.yourdomain.com

Please keep in mind you have to forward the ports you have setup in Mobile Access if you have a router or firewall in front of your server.

In my case I forwarded ports 443 and the ports i used for Address Book, iCal and Mail in the Server Admin section of Mobile Access.

If you are going to use SSL your certificate has to match your link ( https://subdomain.yourdomain.com) without the the https://

The other thing I had to do to get it working was create an A Record for my sub-domain at the main domain level to forward to the public IP of my server.

Example: A (Host) Subdomain Points to: xxx.xxx.xxx.xxx

Once I completed the above steps I was able access Mobile Access. I did get the certificate warning but this is only due to me using a self-assigned certificate. If you get a Trusted Certificate this should go away.

Hope this helps!

Thanks,

ebrind

Hello,

Thought I would post an update.

I reinstalled my server again and was able to get Mobile Access working with only opening port 443 on the router. The other ports were not needed for Mobile Access to work. Everything else still applied.

Thanks,

ebrind

So, do we need TWO machines to accomplish the Mobile Access feature?

Can we use a virtual machine for the proxy machine?

Thanks

Kostas

Hello,

I do not believe so. It may be the preferred method of setup however mine worked straight away and I did not even have to mess with the reverse proxy settings. As soon I went to https://subdomain.mydomain.com I was redirected to:

https://subdoamin.mydoamin.com/secureproxylogin.php?https://subdomain.mydomain.com/

Hope this helps!

Thanks,

ebrind

Can you please be more specific with the procedure?

Ive followed your instructions and did not work.

Thanks

Kostas

Hello,

Can you get to the page Titled Mac OS X Server, please select from the available web services?

Thanks,

ebrind